On Thu, Aug 01, 2013 at 01:57:14PM -0400, Darouichi, Aziz wrote:
dn: cn=Google,ou=Group,dc=curry,dc=edu
objectclass: groupOfUniqueNames
cn:
mail:
description:
uniqueMember:
uniqueMember:

when I try to add the file I get the following error:
adding new entry "cn= Google,ou=Group,dc=curry,dc=edu"
ldap_add: Object class violation (65)
additional info: attribute 'mail' not allowed
That is correct. The definition of groupOfUniqueNames is:
objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
        DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
        SUP top STRUCTURAL
        MUST ( uniqueMember $ cn )
        MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
'mail' is not listed as an allowed attribute. If you want to add that attribute then you also need to include a suitable auxiliary object class that permits it. I don't think there is such a class in the standard set, so you will have to create one of your own. That is probably a good thing to do anyway, and you could start with a definition like this:
objectclass ( 1.2.826.0.1.3458854.666.1.1 NAME 'curryEduMailObject'
        DESC 'Aux object class for curry.edu'
        SUP top AUXILIARY
        MAY ( mail ) )
Your entry now has two objectclasses:
dn: cn=Google,ou=Group,dc=curry,dc=edu
objectclass: groupOfUniqueNames
objectclass: curryEduMailObject
cn:
mail:
description:
uniqueMember:
uniqueMember:
Ideally you should use an OID based on your own institution's allocation, but that is not critical at this stage.
Andrew
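
Added example, not part of the original message and not OpenLDAP code: a small Python check that parses the two object class definitions quoted above and reports which attributes an entry may carry, reproducing the 'mail' rejection and showing it clear once the auxiliary class is listed. The helper names (parse_objectclass, check_entry) are hypothetical, and the check is simplified in that it ignores SUP inheritance and structural-class rules.

```python
import re

# Object class definitions copied from the message above.
SCHEMA = [
    "( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of unique "
    "names (DN and Unique Identifier)' SUP top STRUCTURAL "
    "MUST ( uniqueMember $ cn ) "
    "MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )",
    "( 1.2.826.0.1.3458854.666.1.1 NAME 'curryEduMailObject' "
    "DESC 'Aux object class for curry.edu' SUP top AUXILIARY MAY ( mail ) )",
]

def parse_objectclass(text):
    """Return (name, MUST set, MAY set); attribute names are lower-cased."""
    name = re.search(r"NAME\s+'([^']+)'", text).group(1)
    body = re.sub(r"DESC\s+'[^']*'", "", text)  # DESC text may contain ( )

    def attrs(keyword):
        m = re.search(r"\b" + keyword + r"\s+(?:\(([^)]*)\)|([\w-]+))", body)
        if not m:
            return set()
        return {a.strip().lower() for a in (m.group(1) or m.group(2)).split("$")}

    return name.lower(), attrs("MUST"), attrs("MAY")

CLASSES = {n: (must, may) for n, must, may in map(parse_objectclass, SCHEMA)}

def check_entry(object_classes, attributes):
    """List schema violations for an entry (hypothetical helper).

    Simplified: SUP inheritance and structural-class rules are ignored.
    """
    required, allowed = set(), {"objectclass"}
    for oc in object_classes:
        must, may = CLASSES[oc.lower()]
        required |= must
        allowed |= must | may
    present = {a.lower() for a in attributes}
    errors = [f"attribute '{a}' not allowed" for a in sorted(present - allowed)]
    errors += [f"required attribute '{a}' missing" for a in sorted(required - present)]
    return errors

if __name__ == "__main__":
    attrs = ["cn", "mail", "description", "uniqueMember"]  # constructed entry
    print(check_entry(["groupOfUniqueNames"], attrs))
    print(check_entry(["groupOfUniqueNames", "curryEduMailObject"], attrs))
```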